Unable to Process SAML request Error

2019-04-20T07:30:08Z

Hi All,

We are facing issue with SAML SSO integration. Some of the users are randomly getting error as :- "Unable to process SAML request".

This issue is not always happening, it is coming for some of the users randomly. Also the users facing the same issue on a day, next day they are able to login via SSO without any configuration/profile changes.

We are using latest SAML plugin from the marketplace. Apart from SAML plugin, we are also importing user from LDAP. We have setup LDAP import sync in every 8 hours with our system.

Some of the wierd observation:-
   1) On our DB, generally the users facing this kind of issue, have in User_ table "passwordModifiedDate" greater than "modifiedDate".
   2). Sometimes, User_ table both field "passwordModifiedDate" & "modifiedDate" is greater than current timestamp. Query used to fetch data is:-

       SELECT screenName, emailAddress, firstName, lastName, modifiedDate, passwordModifiedDate, status, lastLoginDate, lastFailedLoginDate FROM User_ where ( (CURRENT_TIMESTAMP < passwordModifiedDate OR CURRENT_TIMESTAMP < modifiedDate) and loginDate is not null


We are using Liferay 7.1 version and SAML plugin version is 4.0.1. Apart from that below config is done:-
LDAP configuration that we had done is as below:-
   1). Enable Import - Yes
   2). Enable Import on Startup - No
   3). Import Interval - 480
   4). Import Method - User_
   5). Lock Expiration Time - 86400000
   6). Import user Sync Strategy - Auth Type
   7). Enable User Password on Import - No
   8). Enable Group Cache on Import - Yes
   9). Enable Group Export - Yes

   Other than this configuration, we have kept settings as unchecked.

SAML Config:-
   1). SAML Role:- Service Provider
   2). Require Assertion Signature? - Yes
   3). Other all options are unchecked

We have also turned on loggers for SAML related classes and we get the exception always when we get above SAML error as given in attached file.

Any leads on above will be helpful.